diff --git a/.gitignore b/.gitignore
index 1db0010..9d7e639 100644
--- a/.gitignore
+++ b/.gitignore
@@ -95,3 +95,4 @@ jenkins.yml
kvm.yml
paperless.yml
vaultwarden.yml
+mirrors.yml
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
index 326c1a0..c5e3736 100644
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@@ -1,5 +1,19 @@
---
gitea_username: git
-
gitea_user: "{{ systemuserlist[gitea_username] }}"
+gitea_log_level: Info
+
+gitea_main: false
+gitea_ssh_enabled: false
+gitea_custom_tmpl_enabled: false
+gitea_smtp_enabled: false
+gitea_lfs_enabled: false
+gitea_oidc_provider_enabled: false
+gitea_oidc_client_enabled: false
+gitea_reverse_proxy_auth_enabled: false
+gitea_indexer_es_enabled: false
+gitea_openid_enabled: false
+gitea_federation_enabled: false
+
+shieldsio_enabled: false
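Review bot: The new feature flags all default to `false`, but the variables the enabled paths need have no default and no assert — `shieldsio_port` and `shieldsio_path` (read by `shieldsio.yml` and `01-gitea.j2` in this diff), `gitea_lfs_jwt_secret` and `gitea_oidc_provider_jwt_secret` (read by `app.ini.j2`) — so flipping a flag on fails late, inside a template render. Secrets do not belong in defaults, but a fail-fast such as `- assert: { that: gitea_lfs_jwt_secret is defined }` with `when: gitea_lfs_enabled` would surface the missing value before anything is written. Names like `gitea_main` are not self-explanatory; a one-line comment per flag stating what it gates (from the template, `gitea_main` appears to gate the `[ui.meta]` section) would help the next reader.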
diff --git a/roles/gitea/files/tmpl/custom/extra_links.tmpl b/roles/gitea/files/tmpl/custom/extra_links.tmpl
index b4b25ec..5a188b0 100644
--- a/roles/gitea/files/tmpl/custom/extra_links.tmpl
+++ b/roles/gitea/files/tmpl/custom/extra_links.tmpl
@@ -5,5 +5,5 @@
ops/wiki
ops/packages
{{else}}
-log in
+
{{end}}
\ No newline at end of file
diff --git a/roles/gitea/tasks/gitea.yml b/roles/gitea/tasks/gitea.yml
index 72bbf1b..a5fa838 100644
--- a/roles/gitea/tasks/gitea.yml
+++ b/roles/gitea/tasks/gitea.yml
@@ -18,19 +18,42 @@
- name: create dir structure
file:
- path: "{{ gitea_user.home }}/{{ item }}"
+ path: "{{ gitea_user.home }}/{{ item.name }}"
state: directory
mode: 0755
- owner: git
- group: git
+ owner: "{{ item.owner | default(gitea_user.username) }}"
+ group: "{{ item.group | default(gitea_user.username) }}"
+ loop_control:
+ label: "{{ gitea_user.home }}/{{ item.name }}"
with_items:
- - data
- - data/gitea
- - data/gitea/conf
- - data/gitea/templates
- - data/gitea/templates/custom
- - data/gitea/templates/user/dashboard
- - data/git
+ - name: data
+
+ - name: data/git
+ - name: data/gitea
+
+ # for overriding gitea's go-templates
+ # from role/gitea/files/tmpl/
+ - name: data/gitea/templates
+ - name: data/gitea/templates/custom
+ - name: data/gitea/templates/user/dashboard
+
+ - name: data/gitea/conf
+ - name: data/gitea/tmp
+ - name: data/gitea/indexers
+ - name: data/gitea/attachments
+ - name: data/gitea/avatars
+ - name: data/gitea/repo-avatars
+ - name: data/gitea/log
+
+ - name: redis
+ owner: '999'
+ group: '999'
+ - name: redis/data
+ owner: '999'
+ group: '999'
+
+ tags:
+ - gitea-mirror
- name: template ssh passthrough script
template:
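Review bot: `owner: '999'` / `group: '999'` on the two redis directories is an unexplained magic value; a comment such as `# uid/gid of the redis user inside the official redis image — re-check on an image bump` (or a `gitea_redis_uid` default) would tell the next reader where it comes from and what to verify. The `data/gitea/conf` directory that later receives app.ini is created with the shared `mode: 0755`, which is only fine as long as the file inside is not itself world-readable. The `template ssh passthrough script` task that starts at the end of the hunk continues outside it.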
@@ -39,17 +62,38 @@
mode: 0755
owner: git
group: git
+ when: gitea_ssh_enabled
+ tags:
+ - gitea-mirror
+
+- name: copy the ssh keys used for the ssh shim (gitea manages authorized_keys)
+ copy:
+ src: "private/gitea/{{ item.name }}"
+ dest: "{{ gitea_user.home }}/.ssh/{{ item.name }}"
+ mode: "{{ item.mode }}"
+ owner: "{{ gitea_user.username }}"
+ group: "{{ gitea_user.username }}"
+ no_log: true
+ when: gitea_ssh_enabled
+ with_items:
+ - name: id_rsa
+ mode: "0600"
+ - name: id_rsa.pub
+ mode: "0644"
- name: template config
template:
- src: private/gitea_app.ini.j2
+ src: app.ini.j2
dest: "{{ gitea_user.home }}/data/gitea/conf/app.ini"
owner: git
group: git
mode: 0644
notify: restart gitea
+ tags:
+ - gitea-config
+ - gitea-mirror
-- name: template robots.txt
+- name: template robots.txt and sitemap.xml
template:
src: "{{ item }}.j2"
dest: "{{ gitea_user.home }}/data/gitea/{{ item }}"
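Review bot: `template config` now renders `app.ini.j2` from this diff, which carries `SECRET_KEY`, `INTERNAL_TOKEN`, the database `PASSWD` and, when enabled, SMTP and LFS secrets, yet the rendered file keeps `mode: 0644` (world-readable on the host); `mode: "0600"` suffices because the container runs as `{{ gitea_user.uid }}`. The same task keeps `owner: git` / `group: git` hard-coded while the new tasks above use `{{ gitea_user.username }}`; aligning them keeps `gitea_username` the single source of truth. The new ssh-key copy task sets `no_log: true` (good) but carries no `tags`, so a `--tags gitea-mirror` run skips it while the dependent `template ssh passthrough script` task runs. The `template robots.txt and sitemap.xml` task at the end of the hunk continues outside it.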
@@ -78,12 +122,13 @@
- user/dashboard/repolist.tmpl
tags:
- gitea-templates
+ when: gitea_custom_tmpl_enabled
notify: restart gitea
- name: template nginx vhost
template:
src: 01-gitea.j2
- dest: /etc/nginx/sites-enabled/01-gitea
+ dest: /etc/nginx/sites-enabled/01-{{ gitea_url }}
owner: root
group: root
mode: 0644
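Review bot: Renaming the vhost destination from `01-gitea` to `01-{{ gitea_url }}` leaves the old `/etc/nginx/sites-enabled/01-gitea` in place on hosts provisioned before this change, so nginx will load two server blocks with the same `server_name` and the stale one may keep serving (nginx only warns on conflicting names). A cleanup task alongside it, also notifying `reload nginx`, removes the ambiguity. The `template nginx vhost` task continues outside the hunk.
```yaml
- name: remove the pre-rename nginx vhost
  file:
    path: /etc/nginx/sites-enabled/01-gitea
    state: absent
  notify: reload nginx
```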
@@ -92,6 +137,36 @@
- gitea-nginx
notify: reload nginx
+- name: redis container for gitea
+ docker_container:
+ name: gitea-redis
+ image: "redis:latest"
+ restart_policy: "unless-stopped"
+ auto_remove: false
+ detach: true
+ pull: true
+ state: started
+ container_default_behavior: compatibility
+ env:
+ REDIS_HOST: redis-gitea
+ networks_cli_compatible: false
+ networks:
+ - name: bridgewithdns
+ healthcheck:
+ interval: 30s
+ timeout: 60s
+ start_period: 10s
+ test: "redis-cli --raw incr ping"
+ mounts:
+ - type: bind
+ source: "{{ gitea_user.home }}/redis/data"
+ target: /data
+ tags:
+ - redis
+ - gitea-redis-container
+ - gitea-container
+ - docker-containers
+
- name: start container
docker_container:
name: gitea
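Review bot: `image: "redis:latest"` together with `pull: true` re-resolves a mutable tag on every run, so a routine deploy can silently move gitea's cache onto a new major redis version; pin it, e.g. `image: "redis:<pinned tag or digest>"`. The env `REDIS_HOST: redis-gitea` names a host that matches neither this container's name `gitea-redis` nor the `addr=gitea-redis:6379` in `app.ini.j2`; if nothing consumes it, drop it rather than leave a misleading value. The container joins `bridgewithdns` with the image's default configuration (no `requirepass`), so every container on that network can read and flush the cache — tolerable for a cache, but worth a comment stating that, or a `command:` that sets a password which is then also carried in the `[cache] HOST` string. The `start container` task at the end of the hunk continues outside it.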
@@ -111,12 +186,6 @@
env:
USER_UID: "{{ gitea_user.uid }}"
USER_GID: "{{ gitea_user.gid }}"
- DB_TYPE: mysql
- DB_HOST: "{{ ansible_docker0.ipv4.address }}:3306"
- DB_NAME: gitea
- DB_USER: gitea
- DB_PASSWD: "{{ gitea_user.mariadb_pass }}"
- DISABLE_REGISTRATION: "true"
networks_cli_compatible: false
network_mode: bridgewithdns
networks:
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index c49ce67..54d738d 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -1,3 +1,8 @@
---
- import_tasks: gitea.yml
tags: gitea
+
+ - import_tasks: shieldsio.yml
+ tags:
+ - gitea
+ - shieldsio
diff --git a/roles/gitea/tasks/shieldsio.yml b/roles/gitea/tasks/shieldsio.yml
new file mode 100644
index 0000000..4080dcb
--- /dev/null
+++ b/roles/gitea/tasks/shieldsio.yml
@@ -0,0 +1,19 @@
+---
+
+# docker run --rm -p 8080:8080 --env PORT=8080 --name shields shieldsio/shields:next
+
+- name: start shields.io container
+ docker_container:
+ name: shieldsio
+ image: shieldsio/shields:next
+ detach: true
+ pull: true
+ restart_policy: unless-stopped
+ state: started
+ ports:
+ - 127.0.0.1:{{ shieldsio_port }}:{{ shieldsio_port }}
+ env:
+ PORT: "{{ shieldsio_port | string }}"
+ tags:
+ - docker-containers
+ when: shieldsio_enabled
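Review bot: `image: shieldsio/shields:next` is a moving pre-release tag and `pull: true` re-pulls it on every run, so the badge service can change or break without a commit; pin it, `image: "shieldsio/shields:<pinned tag or digest>"`. The port mapping `- 127.0.0.1:{{ shieldsio_port }}:{{ shieldsio_port }}` is an unquoted templated scalar; write it as `- "127.0.0.1:{{ shieldsio_port }}:{{ shieldsio_port }}"` like the other templated values in the role. Binding to 127.0.0.1 is the right choice given the nginx location placed in front of it, and unlike the redis task this one defines no `healthcheck`, which would make `state: started` meaningful for restarts.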
diff --git a/roles/gitea/templates/01-gitea.j2 b/roles/gitea/templates/01-gitea.j2
index 9146c65..2fb496e 100644
--- a/roles/gitea/templates/01-gitea.j2
+++ b/roles/gitea/templates/01-gitea.j2
@@ -6,13 +6,27 @@ server {
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
{% endif -%}
+ include /etc/nginx/sudo-known.conf;
include listen-proxy-protocol.conf;
server_name {{ gitea_url }} {{ gitea_extra_urls | default([]) | join([" "]) }};
-
# default value
set $header_sudo_gitea "gitea";
+ {% for item in ["/metrics"] -%}
+ location {{ item }} {
+ allow 127.0.0.1;
+ allow {{ my_public_ips[inventory_hostname] }}/32;
+ allow {{ my_public_ips[ansible_control_host] }}/32;
+ allow {{ wireguard_cidr }};
+ deny all;
+
+ proxy_pass http://{{ bridgewithdns.gitea }}:{{ gitea_docker_port }};
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ {% endfor %}
+
location / {
proxy_pass http://{{ bridgewithdns.gitea }}:{{ gitea_docker_port }};
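Review bot: The `allow`/`deny` list is the only control on `/metrics`, and `app.ini.j2` in this diff turns `[metrics]` on with the comment "access control in nginx"; Gitea's `[metrics]` section also accepts a `TOKEN` value (bearer token), which gives defence in depth if the vhost is bypassed, for instance by reaching `{{ gitea_docker_port }}` directly from another container on the bridge. The rules match `$remote_addr`, and on a listener that includes `listen-proxy-protocol.conf` that address depends on real-IP configuration outside this file — worth confirming which address actually reaches these rules before relying on the `/32` entries. `{% for item in ["/metrics"] -%}` iterates a single literal; either promote the list to a `gitea_restricted_paths` variable or drop the loop. The `location /` block at the end of the hunk continues outside it.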
@@ -45,8 +59,6 @@ server {
}
{% endfor %}
- include /etc/nginx/sudo-known.conf;
-
location /robots.txt {
# gitea itself can also serve this file
alias {{ gitea_user.home }}/data/gitea/robots.txt;
@@ -60,6 +72,44 @@ server {
return 302 https://{{ authelia_login_url }}/reset-password/step1;
}
+ {% if shieldsio_enabled -%}
+
+ gzip_static off;
+ gzip off;
+
+ location = {{ shieldsio_path }} {
+ return 302 {{ shieldsio_path }}/;
+ }
+ {# location /page-data {
+ # # wrong: /page-data/shieldsio/page-data.json
+ # # should be: {{ shieldsio_path }}/page-data/index/page-data.json
+ #
+ # #rewrite '^/page-data{{ shieldsio_path }}(/.*)' '/page-data/index$1';
+ # return 302 {{ shieldsio_path }}$uri;
+ # } #}
+
+ location {{ shieldsio_path }}/ {
+ rewrite '^{{ shieldsio_path }}(/.*)$' $1 break;
+
+ proxy_set_header Accept-Encoding "";
+ sub_filter 'href="/' 'href="{{ shieldsio_path }}/';
+ sub_filter 'src="/' 'src="{{ shieldsio_path }}/';
+ #sub_filter 'pagePath="/' 'pagePath="{{ shieldsio_path }}/';
+ sub_filter_once off;
+ sub_filter_types *;
+
+ #sub_filter '\$\{\_\_PATH_PREFIX\_\_\}' '{{ shieldsio_path }}/';
+
+ proxy_pass http://127.0.0.1:{{ shieldsio_port }};
+
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ set $header_sudo_gitea "shields.io";
+ }
+ {% endif %}
+
access_log /var/log/nginx/access_{{ gitea_url }}.log main;
error_log /var/log/nginx/error_{{ gitea_url }}.log warn;
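Review bot: `shieldsio_path` is interpolated unescaped into the regex `rewrite '^{{ shieldsio_path }}(/.*)$' $1 break;`, so any regex metacharacter in the configured path (even a `.`) silently widens the match; a comment such as `# shieldsio_path must be a plain /segment with no regex metacharacters` or escaping it at template time would prevent surprises. This also publishes a shields instance under the gitea vhost; shields renders badges from caller-supplied URLs, so the container's network reach should be reviewed and either the same allow-list as `/metrics` applied or the accepted exposure stated in a comment. The Jinja-commented `{# location /page-data … #}` block and the two `#sub_filter` lines are dead config; remove them or note why they are kept. `sub_filter_types *` with `Accept-Encoding ""` rewrites every response body from the backend, which is fine for this frontend but deserves a one-line comment so the location is not reused for other content.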
@@ -68,10 +118,10 @@ server {
ssl_certificate /usr/local/etc/certs/{{ gitea_url }}/fullchain.pem;
ssl_certificate_key /usr/local/etc/certs/{{ gitea_url }}/privkey.pem;
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-XSS-Protection "1; mode=block" always;
+ #add_header Referrer-Policy "no-referrer" always;
+ #add_header X-Frame-Options "SAMEORIGIN" always;
+ #add_header X-Permitted-Cross-Domain-Policies "none" always;
+ #add_header X-XSS-Protection "1; mode=block" always;
add_header SUDO-GITEA $header_sudo_gitea always;
fastcgi_hide_header X-Powered-By;
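Review bot: Commenting out the four `add_header` lines (Referrer-Policy, X-Frame-Options, X-Permitted-Cross-Domain-Policies, X-XSS-Protection) applies to the whole server block, so gitea itself loses clickjacking and referrer protection, with no explanation in the hunk. If they were dropped because the shields.io location needs different headers, keep them at server level and restate what that location needs inside `location {{ shieldsio_path }}/` — nginx `add_header` in a location replaces the inherited set rather than merging with it. If instead Gitea now emits these headers itself, record that with a comment such as `# X-Frame-Options / Referrer-Policy are set by gitea; do not duplicate here`. Dropping only `X-XSS-Protection` would be defensible on its own, as current browsers ignore it.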
diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2
new file mode 100644
index 0000000..064f8bc
--- /dev/null
+++ b/roles/gitea/templates/app.ini.j2
@@ -0,0 +1,518 @@
+# distributed from ansible/private
+
+APP_NAME = {{ gitea_url }}
+RUN_MODE = prod
+RUN_USER = {{ gitea_user.username }}
+
+[server]
+# http because nginx terminates https
+PROTOCOL = http
+USE_PROXY_PROTOCOL = false
+APP_DATA_PATH = /data/gitea
+DOMAIN = {{ gitea_url }}
+HTTP_PORT = {{ gitea_docker_port }}
+ROOT_URL = https://{{ gitea_url }}/
+
+# for gitea workerse (such as ssh update) that access the web service
+# setting this value allows us to set more custom SSH_ settings
+LOCAL_ROOT_URL = http://localhost:{{ gitea_docker_port }}/
+
+# disables use of cdn for static files and gravatar for profile pictures
+OFFLINE_MODE = true
+
+# we have the nginx access logs
+DISABLE_ROUTE_LOG = false
+
+# gzip compressoin for runtime-generated content (not static resources)
+ENABLE_GZIP = false
+
+# web browser cache (custom/, public/, avatars)
+STATIC_CACHE_TIME = 6h
+STATIC_URL_PREFIX = https://{{ gitea_url }}/
+
+# can be "home", "explore", "organizations", "login", or any URL such
+# as "/org/repo" or even "https://anotherwebsite.com
+LANDING_PAGE = home
+
+{% if gitea_lfs_enabled -%}
+LFS_START_SERVER = true
+LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
+{% else -%}
+LFS_START_SERVER = false
+{% endif %}
+
+{% if gitea_ssh_enabled -%}
+DISABLE_SSH = alse
+SSH_AUTHORIZED_KEYS_BACKUP = true
+# displayed in the clone urls on the web interface
+SSH_DOMAIN = {{ gitea_url }}
+SSH_USER = {{ gitea_user.username }}
+SSH_PORT = 22
+SSH_EXPOSE_ANONYMOUS = false
+
+# the docker image is running an opsnssh server (with supervised)
+START_SSH_SERVER = false
+
+# and trying to start the builtin ssh server gives
+# error: listen tcp :22: bind: address already in use
+# START_SSH_SERVER = true
+# BUILTIN_SSH_SERVER_USER = {{ gitea_user.username }}
+# SSH_LISTEN_PORT = 22
+
+{% else -%}
+DISABLE_SSH = true
+{% endif %}
+
+
+[database]
+DB_TYPE = mysql
+HOST = 172.17.0.1:3306
+NAME = {{ gitea_user.mariadb_username }}
+USER = {{ gitea_user.mariadb_username }}
+PASSWD = {{ gitea_user.mariadb_pass }}
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8mb4
+
+[security]
+# explicitly setting some default values
+COOKIE_USERNAME = gitea_awesome
+COOKIE_REMEMBER_NAME = gitea_incredible
+LOGIN_REMEMBER_DAYS = 7
+DISABLE_WEBHOOKS = false
+
+# secret keys
+SECRET_KEY = {{ gitea_secret_key }}
+INTERNAL_TOKEN = {{ gitea_internal_token }}
+
+# user needs git hook privileges to set git hook
+DISABLE_GIT_HOOKS = false
+
+# disables the installer
+INSTALL_LOCK = {{ gitea_installer_locked | default(true) | string | lower }}
+
+{% if gitea_reverse_proxy_auth_enabled -%}
+# values to use authelias reverse proxy auth
+REVERSE_PROXY_AUTHENTICATION_USER = X-Remote-User
+REVERSE_PROXY_AUTHENTICATION_EMAIL = X-Remote-Email
+REVERSE_PROXY_AUTHENTICATION_FULL_NAME = X-Remote-Name
+REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
+# use X-Forwarded-For or X-Real-IP header to set remote IP for the request
+REVERSE_PROXY_LIMIT = 1
+{% endif %}
+
+{% if gitea_oidc_provider_enabled -%}
+[oauth2]
+# generate with 'gitea generate':
+# https://docs.gitea.io/en-us/command-line/#generate
+JWT_SECRET = {{ gitea_oidc_provider_jwt_secret }}
+{% endif %}
+
+[log]
+MODE = file
+FILE_NAME = gitea.log
+LEVEL = {{ gitea_log_level }}
+REDIRECT_MACARON_LOG = true
+MACARON = file
+ROUTER = file
+ROOT_PATH = /data/gitea/log
+ENABLE_SSH_LOG = {{ gitea_ssh_enabled | string | lower }}
+
+[log.file.*]
+FLAGS = longfile,shortfuncname,level
+
+[git]
+# explicitly set defaults
+HOME_PATH = /data/gitea/home
+MAX_GIT_DIFF_LINES = 1000
+MAX_GIT_DIFF_FILES = 100
+# respond to pushes to non-default branches with a link to create a PR
+PULL_REQUEST_PUSH_MESSAGE = true
+
+[git.timeout]
+DEFAULT = 360
+MIGRATE = 600
+MIRROR = 300
+CLONE = 300
+PULL = 300
+GC = 60
+
+[service]
+# expire time for email links
+ACTIVE_CODE_LIVE_MINUTES = 180
+RESET_PASSWD_CODE_LIVE_MINUTES = 180
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_CAPTCHA = false
+
+# dont require user to sign in to view public stuff
+REQUIRE_SIGNIN_VIEW = false
+
+# only allow external (ldap, oidc) registrations
+DISABLE_REGISTRATION = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = true
+SHOW_REGISTRATION_BUTTON = false
+
+# repo settings
+DEFAULT_ENABLE_TIMETRACKING = false
+
+# org settings
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ORG_VISIBILITY = public
+
+# user settings
+DEFAULT_USER_VISIBILITY = limited
+# public, limited (visible to logged in), private (visible to users in same org)
+ALLOWED_USER_VISIBILITY_MODES = public,limited,private
+AUTO_WATCH_ON_CHANGES = true
+AUTO_WATCH_NEW_REPOS = false
+NO_REPLY_ADDRESS = {{ gitea_url }}
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+
+ENABLE_NOTIFY_MAIL = false
+
+{% if gitea_reverse_proxy_auth_enabled -%}
+ENABLE_REVERSE_PROXY_AUTHENTICATION = true
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true
+ENABLE_REVERSE_PROXY_EMAIL = true
+ENABLE_REVERSE_PROXY_FULL_NAME = true
+{% else -%}
+ENABLE_REVERSE_PROXY_AUTHENTICATION = true
+{% endif %}
+
+[repository]
+ROOT = /data/git/repositories
+DEFAULT_BRANCH = main
+# default: last. options: last, private, public
+DEFAULT_PRIVATE = public
+# default to creating private repo when using push-to-create
+DEFAULT_PUSH_CREATE_PRIVATE = true
+
+[repository.editor]
+# default includes no extension (single ',' at the end)
+LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd
+PREVIEWABLE_FILE_MODES = markdown
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+ENABLED = true
+TEMP_PATH = /data/gitea/tmp/uploads
+MAX_FILES = 25
+# in MB
+FILE_MAX_SIZE = 10
+
+[repository.pull-request]
+WORK_IN_PROGRESS_PREFIXES = wip,wip:,[wip],WIP,WIP:,[WIP]
+DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true
+# annoyingly, these go _above_ the link to the PR
+POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES = false
+
+[project]
+# explicit defaults
+PROJECT_BOARD_BASIC_KANBAN_TYPE = To Do, In Progress, Done
+PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, High Priority, Low Priority, Closed
+
+[cors]
+# we would set this in nginx
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
+ENABLED = false
+
+[ui]
+DEFAULT_THEME = arc-green
+ISSUE_PAGING_NUM = 100
+REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
+# on the explore page
+SHOW_USER_EMAIL = false
+# everywhere
+DEFAULT_SHOW_FULL_NAME = false
+# default: disable a Service Worker to cache frontend assets
+USE_SERVICE_WORKER = false
+
+[ui.user]
+# repos that are displayed on one page
+REPO_PAGING_NUM = 30
+
+{% if gitea_main -%}
+[ui.meta]
+# affects how links are unfurled
+AUTHOR = {{ gitea_url }}
+DESCRIPTION = Gitea
+KEYWORDS = git,self-hosted,gitea,{{ domain }},{{ gitea_url }},{{ myusername }}
+{% endif %}
+
+[ui.notification]
+# how often the notification endpoint is polled to update the notification
+# will increase to MAX_TIMEOUT in TIMEOUT_STEPs if notification count is unchanged
+# to disable: set MIN_TIMEOUT to -1
+MIN_TIMEOUT = 60s
+MAX_TIMEOUT = 180s
+TIMEOUT_STEP = 30s
+
+[markdown]
+# soft line breaks as hard line breaks: single newline character between
+# paragraphs will cause a line break, adding trailing whitespace to paragraphs
+# is not necessary to force a line break.
+ENABLE_HARD_LINE_BREAK_IN_COMMENTS = false
+ENABLE_HARD_LINE_BREAK_IN_DOCUMENTS = false
+
+FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
+ENABLE_MATH = true
+
+[indexer]
+{% if gitea_indexer_es_enabled -%}
+ISSUE_INDEXER_TYPE = elasticsearch
+ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
+ISSUE_INDEXER_NAME = gitea_issues
+REPO_INDEXER_ENABLED = true
+REPO_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
+REPO_INDEXER_NAME = gitea_repos
+REPO_INDEXER_TYPE = elasticsearch
+{% else -%}
+ISSUE_INDEXER_TYPE = bleve
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+REPO_INDEXER_ENABLED = false
+# takes a lot of disk space
+#REPO_INDEXER_TYPE = bleve
+{% endif %}
+
+[admin]
+DEFAULT_EMAIL_NOTIFICATIONS = onmention
+# allow non-admin users to create orgs
+DISABLE_REGULAR_ORG_CREATION = false
+
+{% if gitea_openid_enabled -%}
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+{% endif %}
+
+{% if gitea_oidc_client_enabled -%}
+[oauth2_client]
+# can override REGISTER_EMAIL_CONFIRM (currently set to same)
+REGISTER_EMAIL_CONFIRM = false
+#OPENID_CONNECT_SCOPES =
+ENABLE_AUTO_REGISTRATION = true
+# userid = use the userid / sub attribute
+# nickname = use the nickname attribute
+# email = use the username part of the email attribute
+USERNAME = nickname
+# update if available on each login
+UPDATE_AVATAR = false
+# if account/email exists
+# disabled = show an error
+# login = show an account linking login
+# auto = link directly with the account
+ACCOUNT_LINKING = login
+{% endif %}
+
+[mailer]
+{% if gitea_smtp_enabled -%}
+ENABLED = true
+MAILER_TYPE = smtp
+FROM = git@{{ domain }}
+ENVELOPE_FROM = git@{{ domain }}
+HELO_HOSTNAME = {{ gitea_url }}
+SUBJECT_PREFIX = [{{ gitea_url }}]
+
+{% if gitea_smtp_matrix|default(false) -%}
+SMTP_ADDR = {{ matrix_smtp_url }}
+SMTP_PORT = 25
+PROTOCOL = smtp
+{% else -%}
+SMTP_ADDR = {{ smtp_server }}
+SMTP_PORT = {{ smtp_port }}
+USER = {{ smtp_username }}
+PASSWD = {{ smtp_passwd }}
+PROTOCOL = smtps
+FORCE_TRUST_SERVER_CERT = false
+{% endif %}
+
+{% else -%}
+ENABLED = false
+{% endif %}
+
+[cache]
+ENABLED = true
+ADAPTER = redis
+INTERVAL = 60
+HOST = network=tcp,addr=gitea-redis:6379,db=0,pool_size=100,idle_timeout=100
+ITEM_TTL = 16h
+
+[cache.last_commit]
+ENABLED = true
+
+[session]
+# empty = use db config
+PROVIDER_CONFIG =
+PROVIDER = db
+# 1 week
+SESSION_LIFE_TIME = 604800
+# the cooke SameSite setting (not gitea specific)
+SAME_SITE = lax
+COOKIE_NAME = i_like_gitea
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR = true
+ENABLE_FEDERATED_AVATAR = false
+
+[attachment]
+# pull request attachments
+STORAGE_TYPE = local
+PATH = /data/gitea/attachments
+
+[cron]
+ENABLED = true
+RUN_AT_START = false
+
+[cron.archive_cleanup]
+ENABLED = false
+
+[cron.update_mirrors]
+ENABLED = true
+SCHEDULE = @every 1h
+RUN_AT_START = false
+
+[cron.repo_health_check]
+ENABLED = true
+SCHEDULE = @midnight
+RUN_AT_START = false
+
+[cron.check_repo_stats]
+ENABLED = true
+SCHEDULE = @midnight
+RUN_AT_START = false
+
+[cron.update_migration_poster_id]
+ENABLED = false
+
+[cron.sync_external_users]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @every 1h
+UPDATE_EXISTING = true
+
+[cron.deleted_branches_cleanup]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @midnight
+OLDER_THAN = 24h
+
+[cron.cleanup_hook_task_table]
+ENABLED = true
+RUN_AT_START = false
+
+[cron.cleanup_packages]
+ENABLED = true
+RUN_AT_START = true
+SCHEDULE = @midnight
+OLDER_THAN = 24h
+
+[cron.delete_inactive_accounts]
+ENABLED = false
+
+[cron.delete_repo_archives]
+ENABLED = false
+
+[cron.git_gc_repos]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @every 72h
+TIMEOUT = 60s
+# args for 'git gc'
+# ARGS =
+
+[cron.resync_all_sshkeys]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @every 72h
+
+[cron.resync_all_hooks]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @every 72h
+
+[cron.reinit_missing_repos]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @every 72h
+
+[cron.delete_missing_repos]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @every 72h
+
+[cron.delete_generated_repository_avatars]
+ENABLED = false
+
+[cron.delete_old_actions]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @every 72h
+
+[cron.update_checker]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @every 168h
+HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
+
+[cron.delete_old_system_notices]
+ENABLED = true
+RUN_AT_START = false
+SCHEDULE = @every 168h
+OLDER_THAN = 200h
+
+[mirror]
+ENABLED = true
+# creation of new pull/push mirrors (not git push/pull)
+DISABLE_NEW_PULL = false
+DISABLE_NEW_PUSH = false
+DEFAULT_INTERVAL = 8h
+MIN_INTERVAL = 10m
+
+[api]
+ENABLE_SWAGGER = true
+MAX_RESPONSE_ITEMS = 200
+DEFAULT_PAGING_NUM = 200
+
+[highlight.mapping]
+# not working..
+.py.j2 = python
+.sh.j2 = sh
+
+[other]
+SHOW_FOOTER_VERSION = false
+ENABLE_SITEMAP = true
+
+[metrics]
+# served on /metrics
+# access control in nginx
+ENABLED = true
+
+{% if gitea_federation_enabled -%}
+[federation]
+ENABLED = true
+# disable user statistics for nodeinfo
+SHARE_USER_STATISTICS = false
+{% endif %}
+
+[packages]
+ENABLED = true
+
+[storage]
+STORAGE_TYPE = local
+
+[storage.packages]
+STORAGE_TYPE = local
+
+[storage.repo-archives]
+STORAGE_TYPE = local
+
+{% if gitea_lfs_enabled -%}
+[lfs]
+STORAGE_TYPE = local
+PATH = /data/git/lfs
+{% endif %}
\ No newline at end of file
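Review bot: `DISABLE_SSH = alse` in the `gitea_ssh_enabled` branch is a typo and must read `DISABLE_SSH = false`. In `[service]`, the `{% else -%}` branch for a disabled `gitea_reverse_proxy_auth_enabled` still sets `ENABLE_REVERSE_PROXY_AUTHENTICATION = true`, which leaves header-based login active (with Gitea's default header and trusted-proxy settings) when the role says it is off — it should be `ENABLE_REVERSE_PROXY_AUTHENTICATION = false`. The `[indexer]` branch hard-codes `http://elastic:changeme@localhost:9200`; move the credential to a variable (`{{ gitea_es_conn_str }}` or similar, supplied outside the role) and note that `localhost` inside the container is the container itself, not the host. `[database] HOST = 172.17.0.1:3306` replaces the previous `{{ ansible_docker0.ipv4.address }}` lookup with a fixed bridge address, and `REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128` will not match nginx if it proxies over that bridge as `proxy_pass http://{{ bridgewithdns.gitea }}` suggests, so neither proxy auth nor `REVERSE_PROXY_LIMIT` would take effect — verify the source address gitea actually sees. The header comment `# distributed from ansible/private` is stale now that the file lives in `roles/gitea/templates`, and the file lacks a trailing newline.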
diff --git a/roles/gitea/templates/filebeat-gitea.yml.j2 b/roles/gitea/templates/filebeat-gitea.yml.j2
index a166497..19b268f 100644
--- a/roles/gitea/templates/filebeat-gitea.yml.j2
+++ b/roles/gitea/templates/filebeat-gitea.yml.j2
@@ -8,6 +8,7 @@
fields_under_root: true
fields:
service.type: gitea
+ gitea_name: {{ gitea_url }}
tags:
- gitea
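Review bot: `gitea_name: {{ gitea_url }}` leaves the templated value unquoted; after rendering, a value containing `: ` or ` #`, or an empty `gitea_url`, changes the YAML structure filebeat reads. Write it as `gitea_name: "{{ gitea_url }}"`, matching the quoted templated scalars elsewhere in the role.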